CVE-2020-9484
high
CVSS v3
—
CVSS v2
—
VIR risk
8.0
Description
Potential remote code execution in Apache Tomcat
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-9484
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-9484.html
Vendor advisory: arch — https://security.archlinux.org/ASA-202006-7
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 9.0.35-1 | |
| sles | affected | | |
| debian | bookworm | fixed | 9.0.35-1 |
| debian | bullseye | fixed | 9.0.35-1 |
| debian | forky | fixed | 9.0.35-1 |
| debian | sid | fixed | 9.0.35-1 |
| debian | trixie | fixed | 9.0.35-1 |
Package impact
References
- https://security.archlinux.org/ASA-202006-7
- https://www.suse.com/security/cve/CVE-2020-9484.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-9484
- https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch
- https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453
- https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4
- https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5
- https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35
- https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b
- https://tomcat.apache.org/security-9.html
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-7.html
- https://tomcat.apache.org/security-10.html
- https://security.netapp.com/advisory/ntap-20200528-0005
- https://security.gentoo.org/glsa/202006-21
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ
- https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
- https://bugzilla.suse.com/show_bug.cgi?id=1171928
- https://usn.ubuntu.com/4448-1
- https://usn.ubuntu.com/4596-1
- https://www.debian.org/security/2020/dsa-4727
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Verify integrity in audit chain (admin only). AS-IS.